Folks, let me share some random observations with you, because I can't wrap my mind around those.
-
People have Zoom, Teams, Slack, Discord, Messenger, Telegram, and Viber, all happily installed on their phones at the same time. When you then invite them to Matrix they are like "Is this necessary? Why install yet another one of those?"
-
People who use Chrome by default without ad blockers, and you just hint there is a massive intelligence and surveillance operation are quick to respond that "I am getting this services for free, so it is fine to give something back" [^1].
-
People thinking that OSS is not secure enough for their devices. Surprise surprise, it is the exact same people who fall for obvious scams and their devices are ad-ridden, bloated horrors that have not been updated in a million years, but they think that Libre Office will break their computer and lose their emails.
-
People thinking that privacy and anonymity enthusiasts are shady freaks who want to go live in the woods and possibly terrorists. There is a slightly insane take here that we are against technology because we refuse to "just" install an app to make our lives easier[^2].
So they do not complain about being exploited and disrespected, while ripped off and offered crap services, as long it is a capitalist corporation shaking them down with vendor lock-in and network effects. They are grateful even. But just the idea of installing a single free/libre OSS app or extension to protect their privacy is a red flag and pushes their buttons big time, even for just suggesting it.
So, what are your own examples of anti-OSS stupidity, and how do you explain its prevalence in society?
[^1]: It is how quick they are in responding that way, which makes me think that the idea is already crystalized in their minds, by some "anti-OSS" discourse.
[^2]: But just installing a Matrix client is a big deal.
OK if you insist, let's point out that just because people can look at the code and find vulnerabilities, this does not mean they automatically do. Just because it is open source it does not mean automatically it is secure nor private. I hope everybody reading this understands that. On the other hand, there are analyses on why the XZ thing happened, for example this one looking at bullying in the community and pressure for fixes. Without following the communities regularly and researching there is no point in being a passive consumer of open source products. Having said that, with proprietary software the opportunity to audit the code is not even there to start with, eg you have to take a provider's like Microsoft's or Telegram's word for their encryption. Let's not forget to address the misconception that viruses can't be written for Linux. They can. Also persistent actors are willing and able to compromise open source and even air-gapped systems.